7/27/2019 faaodni0070

1/34

TOP SECRETYCOMINT/INOFORN

SEMIANNUAL ASSESSMEN T OF COMPLIANCE WITH PROCEDURES AND GUIDELINESISSUED PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCESURVEILLANCE ACT, SUBMITTED BY THE ATTORNEY GENERAL AND THEDIRECTOR OF NATIONAL INTELLIGENCEReporting Period: June 1, 2009 Novem ber 30, 2009

May 2010

G 3 D R E P I C O N : 1 . 4 ( c ) IVP uDECL ON: 203504Q-6 ROM. MET T OG

ODNI

7/27/2019 faaodni0070

2/34

a (U) Semiannual Assessment of Com pliance with Procedures and Guidelines Issued Pursuantto Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the AttorneyGeneral and the Director of National IntelligenceMay 2010

Reporting Period: June 1, 2009 November 30, 2009

(U) SECTION 1: INTRODUCTION(U) The FISA Am endments Act of 2008, Pub. L. No. 110-261, 122 Stat. 2438, nowcodified at 50 U.S.C. 1881a (hereinafter "FAA"), requires the Attorney General and the Directorof National Intelligence to assess com pliance with certain procedures and guidelines issuedpursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, 50 U .S.C. 1801 et

seq. (hereinafter "FISA"), as amended by the FAA, and to submit such assessments to the Fo reignIntelligence Surveillance Court (FISC) and relevant congressional comm ittees at least once everysix months. As required by the A ct, a team of oversight personnel from the Department of Justice(DOJ) and the O ffice of the Director of National Intelligence (ODNI) have cond ucted compliancereviews to assess whether the authorities under Section 702 of FISA have been imp lemented inaccordance with applicable procedures and g uidelines, described below. This report sets forth D OJand OD NI' s third joint compliance assessment under Section 702 of FISA, as amended b y the FAA,covering the period June 1, 2009, through Novem ber 30, 2009 (the "reporting period"). 1

(U) Section 702(1) of FISA, as amended b y the FAA, provides:Not less frequently than once every 6 mo nths, the Attorney General and Director ofNational Intelligence shall assess com pliance with the targeting and minimizationprocedures adopted in accordance with subsections (d) and (e) and the guidelinesadopted in accordance with subjection (f) and shall submit each assessment to

(A ) the Foreign Intelligence Surveillance Court; and(B) consistent with the Rules of the H ouse of Representatives, theStanding Rules of the Senate, and Senate Resolution 400 of the 94thCongress or any successor Senate resolution (i) the congressionalintelligence com mittees; and (ii) the Comm ittees on the Judiciary of theHouse of Re presentative and the Sena te.(U) The targeting procedures referred to in subsection (d) are procedures that the AttorneyGeneral must adopt, in consultation with the Director of National Intelligence, "that are reasonably

designed to (A) ensure that any acquisition authorized under subsection (a) is limited to targetingpersons reasonably believed to be located outside the United States; and (B ) prevent the intentional1 re0...?) This report accompanies the Sem iannual Report of the U.S. Departm ent of Justice Concerning Acquisitions underSection 702 of the FISA, which is submitted pursuant to Section 707 of FISA, as amended by the FAA, and covers thesame reporting period.

e 1 ,1. e 2ODNI

7/27/2019 faaodni0070

3/34

. - e

acquisition of any com munication as to which the sender and all intended recipients are known atthe time of the acqu isition to be located in the United S tates." Section 702(d) (2) requires that theseprocedures be reviewed by the FISC.(U) The m inimization procedures referred to in subsection (e) must also be adopted by the

Attorney General in consultation with the Director of National Intelligence. They must meet thedefinition of "m inimization procedures" under Section 101(4) or 301(4), as appropriate, of FISA. 2

(U) The guidelines referred to in subsection (f) similarly must be adopted by the AttorneyGeneral, in consultation with the Director of National Intelligence. The purpose of these guidelinesis to ensure com pliance with the limitations set forth in Section 702(b), which are as follows:An acquisition authorized under subsection (a)(1 ) may not intentionally target any person know n at the time of acquisition to belocated in the United States;(2) may not intentionally target a person reasonab ly believed to be located outside theUnited States if the purpose of such acquisition is to target a pa rticular, knownperson reasonably believed to be in the Un ited States;(3 ) may not intentionally target a United States person reasonably believed to belocated outside the Un ited States;(4) may not intentionally acquire any com munication as to which the sender and allintended recipients are known at the time of the acquisition to be located in theUnited States; and(5) shall be conducted in a man ner consistent with the fourth amendm ent to theConstitution of the United States.

(U) Section 101(h) provides:"Minimization procedures", with respect to electronic surveillance, means--(1 ) specific procedures, which shall be adop ted by the Attorney General, that are reasonably designed in lightof the purpose and technique of the particular surveillance, to minimize the acquisition and retention, andprohibit the dissemination, of nonpublicly available information concerning unconsenting United Statespersons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligenceinformation;(2 ) procedures that require that nonpublicly available information, which is not foreign intelligenceinformation, as defined in subsection (e)(1), shall not be disseminated in a manner that identifies any UnitedStates person, without such person's consent, unless such person's identity is necessary to understand foreignintelligence information or assess its importance;(3 ) notwithstanding paragraphs (1) and (2), procedures that allow for the retention and dissemination ofinformation that is evidence of a crime which has been, is being, or is about to be comm itted and that is to beretained or disseminated for law enforcement purposes; and(4) notwithstanding paragraphs (1), (2), and (3), with respect to any electronic surveillance approved pursuantto section 102(a) [50 USCS 1802(a)], procedures that require that no contents of any com munication towhich a United States person is a party shall be disclosed, disseminated, or used for any purpose or retained forlonger than 72 hours unless a court order under section 105 [50 USCS 1805] is obtained or unless theAttorney General determines that the information indicates a threat of death or serious bodily harm to anyperson.

TOP SECRET/ICOMINTIINOFORNODNI

7/27/2019 faaodni0070

4/34

7/27/2019 faaodni0070

5/34

".. (U) As with the prior joint assessments, this joint assessment first provides a description ofthe process by w hich the authorities granted under S ection 702 are im plemented. It then describesthe conduct of the compliance assessments themselves explaining the m ethodology used by thejoint DOJ and OD NI team to review the measures being used to imp lement the authorities andassesses compliance with the procedures and guidelines. These descriptions are necessary to

provide context for the findings.(IJALFOUQ) This assessment finds that during the reporting period, the agencies havecontinued to impleme nt the procedures and follow the guidelines in a manner that reflects a focusedand concerted effort by agency personnel to comply with the requirements of Section 702. Thecompliance incidents for the reporting period are described in detail in the Sem iannual Report of theAttorney General Concerning Acquisitions under Section 702 of FISA, March 2010, subm itted asrequired by Section 707(b)(1) of FISA, as amended by the FA A (the "Section 707 Report"). Aswith the prior joint assessments, those compliance incidents are analyzed here to determine w hetherthere are patterns or trends that might indicate underlying causes that could b e addressed throughadditional measures, and to assess whether the agency involved has implem ented measures toprevent recurren ces. First, as in the prior joint assessment repo rts, it should be no ted that the joint

oversight team has not found indications in these compliance incidents of any intentional or willfulattempts to violate or circumvent the re uirements of the Act. Second, the number of com lianceincidents retrains small,Third, certain types o f comp liance incidents continue to occur, indicating theneed for continued focus on m easures to address underlying causes, including the potential need foradditional measures. The oversight team is continuing to evaluate the m anner in w hich it conductsoversight to find areas to make oversight more efficient and effective.

(U) SECTION 2: IMPLEMENTATION OF SECTION 702 AUTHORITIES - OVERVIEW

10 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1M(9 I. Overview - NSA(TS//SII/NF) NSA seeks to acquire foreign intelligence information concerning specific

targets from or with the assistance of electronic communication serviceproviders, as defined in section 701(b)(4) of FISA, as am ended by the FAA. 4 As required by

4 (U) Specifically, Section 701(b)(4) provides:The term 'electronic communication service provider' m eans -- (A) a telecommunications carrier, as that termis defined in section 3 of the Com munications Act of 1934 (47 U.S.C. 153); (B) a provider of electroniccommunication service, as that term is defined in section 2510 of title 18, United States Code; (C) a provider ofa remote computing service, as that term is defined in section 2711 of title 18, United States Code; (D) anyother communication service provider who has access to wire or electronic commun ications either as suchcomm unications are transmitted or as such commun ications are stored; or (E) an officer, employee, or agent ofan entity described in subparagraph (A), (B), (C), or (D).

' L I P1 5ODNI

7/27/2019 faaodni0070

6/34

I ell il eSection 702, those targets must be non-United States ersons 5 reasonabl believed to be locatedoutside the United States. hi

1 2 3

9 1

(TS/ISIIINF) Once information is collectedt is subject toFISC-approved minimization procedures. NSA's minimization procedures set forth specificmeasures NS A m ust take when it acquires retains, and/or disseminates non- tubliel 'availableinformation about U nited States persons.$ (U) Section 101(i) of FISA defines "United States person" as follows:

a citizen of the United States, an alien lawfully admitted for permanent residence (as defined insection101(a)(20) of the Immigration and Nationality Act [8 U.S.C. 1 101(a)(20))), an unincorporatedassociation a substantial number of members of which are citizens of the United States or aliens lawfullyadmitted for permanent residence, or a corporation which is incorporated in the United States, but does notinclude a corporation or an association which is a foreign power, as defined in subsection (a)(1), (2), or (3).

NdiN 9 e7)

e L 6

ODNI

7/27/2019 faaodni0070

7/34

(S NSA's targeting procedures address, among other subjects, the manner in which NSAwill determine that a person targeted under Section 702 is a non-United States erson reasonablybelieved to be located o utside the United States,and the docum entation required.

(U) A. Location.(S) The procedures provide that NSA's targeting determinations should be made in li lit ofthe totality of the circumstances b ased on the information available

NSA has developed a list of factors to facilitate training and tasking for its analysts to use when identiand m eetin documentation requirements und er the "totality of the circumstances" requirement.

Ie e M.to 7ODNI

7/27/2019 faaodni0070

8/34

N o l

LI

1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 1 1 P w1 3

T P SECRETI/COIVIINIWNOFO RNODNI

7/27/2019 faaodni0070

9/34

9.. 1 . s(S With respect to the United States person statushe

rocedures .rovide that, in many cases, the information NSA reviewsma also i ive some indication as to whether the individual is a non-United Stateserson.

1 4

T O P S ECRE T # COM I NT I /N OF ORN

(U) B. United States Person Status.

ODNI

7/27/2019 faaodni0070

10/34

10 eThe citation is a reference that identifies the source of the information,enabling oversightersonnel to locate and review the information th at led the anal st to his/her reasonable belief.T O P SECRETI/COMENT//NOFORN1111111111111111111111 ' 9\1 9 ' 1 77 1(U) E. Documentation.ODNI

7/27/2019 faaodni0070

11/34

.1.11 . (S.) The source records citedheets are contained in a variety of NSA datarepositories. These records are retrieved by NSA, when requested by the DOT/ODNI oversightteam, to verify determinations

(U) G. Oversight and Compliance.(S) The procedures requ ire that NSA's Signals Intelligence Directorate (SID), together withNSA's Office of General Counsel (OGC), provide training on the procedures. They further providethat SID Oversight and Compliance will conduct oversight activities and make any necessaryreports, including those relating to incidents of non-compliance, to the NSA Inspector General andNSA's OGC, and will ensure that necessary corrective actions are taken to address any iden tifieddeficiencies. SID Oversight and Compliance conducts spot checks of targeting decisions and

f1t. . 1 1ODNI

7/27/2019 faaodni0070

12/34

I sdisseminations to ensure compliance with procedures. In Decem ber 2009, NSA deployed updatedand imp roved platform-based training, which includes a com petency test, for Section 702 an dProtect America Act (PAA ) data, some of which is still retained by NSA . Information on the N SAinternal web site is updated by SID Oversight and Com pliance as appropriate regardingimplemen tation of Section 702 authorities.

(8.) NSA has instituted internal training program s, access control procedures, standardoperating procedures, compliance incident reporting measures, and sim ilar processes to imp lementthe requirements of the targeting procedures. Only analysts who have received certain types oftraining and authorizations are provided access to the Section 702 program data. They m ust reviewan NSA OGC training ro and mu st take an examination.The databases NSA analysts use are subject to audit/review by SID O versight and Comp liance, aswell as by the NSA's O ffice of Inspector General (OIG). They m ay consult standard operatingprocedures for guidance, as well as supervisors, SID Oversight and Com pliance personnel, NSAOGC a ttorneys, and the NSA O ffice of Com pliance.

(8) In addition, the procedures provide that DOJ and ODNI will conduct oversight ofNSA's exercise of authority under Section 702 of the Act, including periodic reviews by DO J andODN I personnel to evaluate the implementation of the procedures at least once every sixty days(further discussed b elow).ES-) The procedures call for NSA to report to DOJ and ODN I any incidents of non-compliance w ith the procedures by NSA personnel that result in the intentional targeting of a personreasonably believed to be located in the United States or the intentional acquisition of anycomm unication in which the sender and all intended recipients are known at the time of acquisitionto be located within the United States, with a requirement to purge from NSA 's records anyresulting collection. NSA must also report any incidents of non-com fiance,

Additionally, if NSA learns, after targeting a person reasonably believed to be outside theUnited States, that the person is inside the Un ited States, or if NSA learns that a person who NSAreasonably believed was a n on-United States person is in fact a United States person, NSA m ustterminate the acquisition, and treat any acquired com mun ications in accordance w ith itsminimization procedures. In each of the above situations, the Section 702 procedures during thisreporting period required NSA to report the incident to DO J and OD NI within the time specified inthe targeting procedures of learning of the incident.(TS) NSA has established an incident tracking and reporting standard operating procedure toimplement the foregoing. NSA has indicated that such incidents are tracked using a pre-establishedtracking template that includes fields for the information to be reported to DO J and ODN I. Inaddition to the Oversight and Compliance office, the NSA OG C and O IG are included in the

process.(4EF9140) In July 2009, NS A established the Office of the Director of Com pliance, whichis responsible for continuous m odernization and enforcemen t of all mission comp liance strategiesand activities to ensure their relevance and effectiveness. This office complements and reinforcesthe intelligence oversight program of the N SA Inspector General and oversight responsibilities ofthe NSA General Counsel by creating a Comprehensive Mission Compliance Program (CMC P) to

e ,/ e _ e 12ODNI

7/27/2019 faaodni0070

13/34

(S) FBI is authorized to ac uire forei intelli ence inform ation

1 31 /s1 6 ' he FBI \01)15 ( \ D \ 1 /

ensure that progress is made across the board at NSA. This compliance program includes, amongother things, special compliance activities focused on select FISA authorities as well as awarenessand training which ensures a robust comp liance training and education program for emp loyees.

(S) II. Overview- FBI

ODNI

7/27/2019 faaodni0070

14/34

e e e P c .(S) A. FBI Targeting Procedures.

FBI is authorized to ac uire foreign intelligence information

\ 7 1

111111L'\9\

1 1 1 1 1 1 1 1 1 1 1 1 1 1 L 0e 11n e 14

ODNI

7/27/2019 faaodni0070

15/34

T O P SECRET/ICOMINT//NOFORN

(U) B. Documentation.

FBI has created a s stem to track the in - in of information from its s stems.

49(U) C. Oversight and Compliance.

m i l1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 = 1 9 1 1 1 1 1 1 117

15

ODNI

7/27/2019 faaodni0070

16/34

\7 1

\o )

N9) ' 16

ODNI

7/27/2019 faaodni0070

17/34

(U) IV. Overview -Minimization.(8) As referenced above, onceas been tasked for collection, non-pub liclyavailable information collected as a result of these taskings that concerns United States personsmust be m inimized. The FISC-approved minimization procedures require such minimization in the

acquisition, retention, and dissemination of foreign intelligence information. As a general matter,minimization rocedures under Section 702 are similar in most res ects to minimization under otherFISA orders.\01

The m inimization procedures, however, do reflectdifferences from m inimization unde r FISA orders where Section 702 imposed additional obligationsor restrictions. For exam ple, the Section 702 minimization procedures require, with limitedexceptions, the purge of any comm unications acquired through the targeting of a person who at thetime of targeting was reasonably believed to be a n on-United States person located outside theUnited States, but is in fact located inside the U nited States at the time the comm unication isacquired, or was in fact a U nited States person at the time of targeting.

(U) SECTION 3: CONDUCT OF COMPLIANCE ASSESSMENT ACTIVITIES(U) I. Work of the Compliance Assessment Team.

(U) A. Compliance Assessment Team M embers.(U) Compliance assessment activities have been jointly conducted by DOT an d OD NI.

Specifically, a joint team has been assem bled, consisting of m embers from the DOJ's N ationalSecurity Division (NSD), ODNI's Civil Liberties and Privacy Office (CLPO), ODN I's Office ofGeneral Counsel (OGC), OD NI's Office of Inspector General (OIG), and OD NI's Office of D eputyDNI for Collection. The team members play complementary roles in the review process. While allteam m embers seek to ensure com H ance with requirements and review available documentation,DOJ focuses oneviews and com pleting reporting requirements, and ODNIseeks to identify programm atic and interagency issues.(U) B. Com pliance Assessment Visits.(SI/NF) The team organized its reviews based on the 60-day review cycle required by theprocedures under each certification. For the reporting period, the on-site visits were as follows:

Date of Visit en caskings ReviewedAub st 6, 2009Au st 13, 2009September 3, 2009 June 2009June 1 Jul 31, 2009July 2009' e 17ODNI

7/27/2019 faaodni0070

18/34

September 22, 2009October 6, 2009 June 1 Jul 31 2009

October 13, 2009 August 1 September 30, 2009October 26, 2009ugust 1 September 30, 2009November 10, 2009eptember 2009December 9, 2009ctober 2009December 10, 2009ctober 1 November 30, 2009December 15, 2009ctober 1 November 30, 2009January 12, 2010ovember 2009(SAW) ODN1 and DOS have assessed the oversight process used since Section 702 wasimplemented in 2008, and has identified certain positive results. The oversight team has found thata large percentage of com pliance incidents reported in the Section 707 Reports have been self-identified by the agencies. To optimize current resources in the oversight process, ODNI and DOJare consulting on the best ways to maximize oversight resources.

To be in this chan e, the oversi ht team has instituted meetin sODNI and Dar assess that these discussions will enhance communications among the partiesconcerned with Section 702 collection, and will help reduce the number of reportable complianceincidents.

V\

(SI/SU/NF) Review of statistical information regarding the numbern coverageis helpful for oversight planning purposes, trend and pattern analysis, and evaluation of underlyingcauses.0 1DI)1 9

20

21

ODNI

7/27/2019 faaodni0070

19/34

0111111111111111111.. 1 7 (U) II. The Compliance Review Process.

(S) A. Review Process - NSA.(8) Prior to a visit date, NSA electronically sendsaskediiithe review period to DOJ and ODNI. DOJ attorneys conduct a review ofland prepare a detailed report of their findings, which they share with the ODNI members ofthe review team. D uring their reviews, DOJ attorneys seek to determine whe ther themee t the documentation standards required by NSA's targeting procedures and provide sufficientinformation for the reviewers to ascertain the basis for NSA 's foreignness determinations. Forthosehat, on their face, meet standards and provide sufficient information, nofurther su ortin documentation is requested for the onsite review. DOJ attorneys then identifythehat, without further review of the cited documentation, did not provide sufficientinformation, and set forth their questions for each of thoseThe review team then focuses

on thoseuring the subsequent review.(-8) This initial review serves an imp ortant function for the review team. B y reviewing thedocum entation "off site," the DOJ attorneys can analyzeith care, and makeinitial review assessments based on the type of information set forth on the selector sheets. For \jlhl)b\2 (S) As further discussed in the Section 707 Re rt, in Au st 2009, ODNI and DOJ learned that they had not beenprovided withSA is continuing to evaluate its retrievalprocess to ensure that there also provided for review.e 14t6. e 19

ODNI

7/27/2019 faaodni0070

20/34

/1 ,Ppp. s.1 9 1

ES) During the onsite review, the team exam inesogether with NSA SIDOversight and Com liance ersonnel, NSA attorneys and other NSA ersonnel as required. Theteam has access tond interacts as neededwith analysts to ask questions, identify issues, clarify ambiguous entries, and provide guidance onareas of potential improvement. Interaction continues following the onsite reviews in the form of e-mail and telephonic exchanges to answer questions and clarify issues.(g} Following the completion of a 60-day review cycle, DOJ prepares a report documentingthe results of the review for that period. This report is provided to congressional committees as anattachment to the Section 707 Report. It documents the relevant time f the review, the dateof the onsite visit, the agencies reviewed, the num ber and types ofnd a detailed summaryof the findin s for that review eriod. These reports contain specific details without providing that explain,he issues addressed by the o versight team aspart of its review during that period, and the outcom e of each issue.(Sr) B. Review Process FBI.For FBI, the review team schedules a visit in advance with FBI, so that FBI can prepare

1 1.L 20ODNI

7/27/2019 faaodni0070

21/34

TOP SECRETI/COMINTHNOFORN

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 \ 9 1 7(U) D. Review Process Minimization.ES) During the onsite visits to NSA, the team reviews NSA'sf Section 702-acquired data to verify compliance with m inimization procedures. The team reviews all serializedreports based on Section 702-acquired data that NSA identifies as containing United States personinformation. The results of these reviews have been docum ented and included as attachments to theSection 707 Report. During this review period, the team also began to take a random sample ofreports not identified by N SA to e nsure that NSA was accurately identifying all reports containingUnited States person information.v;\

21

ODNI

7/27/2019 faaodni0070

22/34

TOP SECRETIICOMINTI/NOFORN

(U) E. Review Process Compliance Incident Reports.(S) The targeting procedures during the reporting period required that incidents of non-compliance be reported to DOJ and O DNI w ithin five business or seven calendar days (dependingon the applicable set of procedures) of the reporting agency learning of the incident. These reports

are reviewed by the team, with follow-up questions asked for clarification and action. Theseincidents are often discussed during the regularly scheduled reviews. Where necessary, the teamalso has conducted onsite investigations of particular incidents. Compliance incidents have beenreported to the FISC in individual compliance notices to the Court, filings related to the FISC'sreview of the 111.11.11111111.11111111 and/or in the Section 707 report.(S//1\IF) On A ugust 25, 2009, the FISC ordered that D OJ provide reports to the FISC every90 days providing the FISC with timely and effective notification of compliance issues involvingthe Governm ent's implementation of its authorities under Section 702, including matters notcovered by notices pursuant to Rule 10(c) of the Rules of Procedures for the FISC. The first reportwas filed with the FISC on Decem ber 7, 2009. 2 3

(U) SECTION 4: COMPLIANCE ASSESSMENT FINDINGSEghtF.040-) This assessment finds that during the reporting period, the agencies havecontinued to impleme nt the procedures and follow the guidelines in a manner that reflects a focusedand concerted effort by agency personnel to comply with the requirements of Section 702. Thepersonnel involved in implementing the authorities are appropriately focused on directing theirefforts at non-United States persons reasonably believed to be located o utside the United States.Processes have been put in place to im plement these authorities and to impo se internal controls forcompliance and verification purposes.(S) There have been some compliance incidents during the reporting period representing a

very small percentage of the overall activity. The DO J and O DNI oversight team does not believe

23 (S//NF) The first report covered the period August 25, 2009 through November 30, 3009, a period greater than 90days. The time for reporting was extended for the first report in order to correspond with the reporting period for thisSemiannual Assessment Report and the corresponding Section 707 Report.

TOP SECRETI/COMINTI/NOFORN2 9ODNI

7/27/2019 faaodni0070

23/34

(U) A. Statistical Data Relating To Compliance Incidents.

TOP SECRETI/COMINTI/NOFORNthese incidents represent an intentional attempt to circumvent or violate the procedures required b ythe Act.

6) The compliance incidents for the reporting period are described in detail in the Section707 Report, and, as w ith the prior joint assessments, are analyzed here to de termine whether thereare patterns or trends that might indicate underlying causes that could be addressed throughadditional measures, and to assess whether the agency involved has implem ented m easures toprevent recurrences. The oversight team is continuing to review the efficacy of those m easures on acontinuing basis.

(U) I. Compliance Incidents General.ES As previously stated, the compliance incidents identified in this reporting period havebeen separately reported in detail in the Section 707 Report. The Section 707 R eport covers thosecompliance incidents in the Attorney General's Third Semiannual Report C oncerning Acquisitionsunder Section 702 of FISA.(U) The com pliance incidents are reviewed h ere in general terms to assess broaderimplications the details are not repeated unless directly relevant to a point being made.

(TS//SU/NF) The value of statistical information in assessing compliance in situations suchas this is unclear. A single incident, for example, may have broad ramifications. Multiple incidents

\9\TOP SECRET//C MINT//NOFORN3

ODNI

7/27/2019 faaodni0070

24/34

9 1 e P . may increase the incident count, but may be deemed of ve limited si ificance. There are,however, certain observations that can be m ade.

(g) In seeking to assess the value of such statistical data, the oversigh t team is evaluatingthe means for collecting and analyzing such data. For examp le, it may be useful to examine thestatistical data through the lens of each agency. Moreover, it may prove useful to analyze the typesof incidents that comprise the "numerator" and the type of activity that those incidents are beingcompared ag ainst the denom inator in order to derive more targeted metrics and insights.

'

\9 3

1 1 1 1 1 1 1 1 1 0 \24

ODNI

7/27/2019 faaodni0070

25/34

TOP SECRETHCOMINTI/NOFORN11111111MIMINIIIMMIIIIIMIIIIMMINNIMMINIIM 17 1

(83 Again, the joint oversight team does not wish to over-emphasize what can be inferredfrom statistics such as thes e. In particular, as stated in the prior report, the incidents them selvesmust be exam ined, since each individually or collectively m ight he indicative of patterns, trends,or underlying causes w ith broader implications.

b l

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

2 \

\9\

26

L I WM 'kJ.411 25ODN I

7/27/2019 faaodni0070

26/34

O As previously discussed, this joint assessment focuses on reviewing the complianceincidents reported in the Section 707 Report for purposes of identi in trends, patterns, andunder]iing causes

'

\9\

27ncident citations refer to the citations used in the Section 707 Report. ' 26

ODNI

7/27/2019 faaodni0070

27/34

1 0 3

\ 0 1 71 1 1 1 1 1 1 1 1 1 1 1 1 1 \ ) \829 64414440) Section 702(b)'s limitation on targeting United States persons does not contain an exception for consent.

e lt 411ll R .,7ODNI

7/27/2019 faaodni0070

28/34

TOP SECRET//COMINT//NOFORN

31

e 28

ODNI

7/27/2019 faaodni0070

29/34

TOP SECRET//COMINT//NOFORN

aill.11.111MIMIMM=M1 Nt,\29

ODNI

7/27/2019 faaodni0070

30/34ODNI

30

7/27/2019 faaodni0070

31/34

The add ition of the targeting rationale

TOP SECRET//COMINT/INOFORN

b l

igimmisiGN l(S-) I. Documentation Incidents.

(S) As described in the Section 707 Repo rt, documentation issues are summarized incompliance review mem oranda prepared by DOJ following each on-site review. These memorandadetail the number an d types of do cuments reviewed , the specific issues identified on abasis, and how each issue was resolved during or following the on-site review. Eachreview mem orandum is attached to the Section 707 Report.

The oversight team has noted continued improvem ent in documentation practices.

is helping to provideexplanatory information to further understand why a particulars being tasked.(S) While interactions between oversight and agency personnel have helped im proveexpectations and und erstandings regarding docum entation practices, as w ith the last jointassessment, the review mem oranda attached to the Section 707 Report continue to note specificissues on a case-by-case basis.

Discussions between the oversight team and agen cye A .. . 9 P . 31

ODNI

7/27/2019 faaodni0070

32/34

'1 .1.1 tl1 4,

personnel continue regarding the level and type of detail appropriate to support certain taskings,particularly when technical information is not available.

S I

t)3

t9 1

91)

32

ODNI

7/27/2019 faaodni0070

33/34

e ' e l lTe. e hlN o l )

hl

( - 8 3 IV. R eview of Compliance Incidents - FB I.

N o I

' 9,, e _e 33ODNI

7/27/2019 faaodni0070

34/34

e L1:(U) SECTION 5: CONCLUSIONS.

(Wri-FOI.I04 During the reporting period, the agencies have continued to implement theprocedures and follow the guidelines in a manner that reflects a focused and concerted effort byagency personnel to comply with the requirements of Section 702. The joint oversight team has notfound indications of any intentional or willful attempts to violate or circumvent the requirements ofthe Act in the com pliance incidents assessed above. The num ber of com pliance incidents remainssmall, particularly when com pared with the total amount of activity. Certain types of complianceincidents continue to occur, indicating the need for continued focus on measures to addressunderlying causes. The oversight team will continue to review the efficacy of measures to addressthe causes of com pliance incidents during the next reporting period. In addition, the oversight teamis continuing to evaluate the manner in which it conducts oversight to find areas to make oversightmore efficient and effective.